►
From YouTube: Mesos Containerization WG 09072017
Description
Agenda and notes:
https://docs.google.com/document/d/1z55a7tLZFoRWVuUxz1FZwgxkHeugtc2nHR89skFXSpU/edit?usp=sharing
A
A
A
A
Or
I
think,
let's
get
started
so
Jen,
so
today's
agenda
is
gonna,
be
James.
Peach
is
gonna
talk
about
on
to
the
design
for
me,
so
spam
support
I.
Think,
there's
a
link
to
that
design.
Talk
in
the
agenda
notes
talk
and
you
can
take
a
look
and
yeah
James.
Do
you
want
to
take
over
and
on
do
a
presentation
on
this
sure.
C
Thought
we
just
talked
about
the
design,
doc,
yeah,
I,
think
I.
Think
the
mechanics
of
how
to
put
Pam
in
there
are
a
little
bit
less
interesting,
then
why
we
would
want
to
do
that
in
the
design.
Doc
I've
made
a
proposal,
what
the
mechanics
of
how
we
should
do
that
and
I
think
when
Judy
and
I
discussed
this
a
little
bit,
he
had
another
place
where
we
could
be
with
another
layer
in
the
agent
stack
where
we
could
integrate
it
and
I
think
either
of
those
would
be
fine,
so
I
think
more
interesting
way.
C
A
So
that
yeah
I
think
James
I
agree
with
you
are
doing
you're
doing
that.
I
think
I
agree
with
you
that
we
should
talk
about
the
motivation
why
we
need
to
do
Pam
support
and
a
little
bit
background
will
be
super
useful
for
folks
to
understand
with
the
motivation
I.
E
C
E
E
C
You
okay,
so
it's
a
little
bit
of
history
on
pam-pam
is
pretty
old.
It
comes
from
the
olden
days
of
UNIX,
where
you
know
you
had.
Login
programs,
like
you
know,
mean
login
telnet,
our
login,
those
kind
of
things
x2,
whatever
the
X
display
manager
was,
and
they
all
had
their
own
no
custom
code.
For
how
do
we
authenticate
a
user?
How
do
we
update
password
material?
How
do
we
deal
with
things
like
setting
up
a
user
environment
and
code
in
the
mid-90s?
C
There's
a
team
at
Sun
that
invented
an
abstract
API
for
this
and
they
caught
a
pant.
The
terminology
around
Pam
is
not
really
all
that
well
defined
because
there's
like
three
or
four
slightly
different
Forks
and
implementations
of
API,
but
the
the
MIT
BSD
has
I
think
the
clearest
terminology
which
is
linked
here.
C
The
most
important
thing
we
had
to
terminus
and
that
Pam
is
is
Pam,
has
the
notion
of
facilities,
so
the
facility
is
a
group
of
functionality
and
generally
a
Pam
module,
which
is
a
dynamic
library
loaded
at
runtime
deals
with
one
or
more
facilities,
so
we're
interested
in
Japan
is
interested
in
authentication,
which
is
how
do
I
take
a
user
password
and
you
know
know
and
prove
that
it's
the
user
password
so
authentications.
So
you
might
be
my
an
application.
C
Back-End
might
be
Kerberos
or
LDAP
or
Etsy
password,
Etsy
shadow,
those
kind
of
things
this
way
applications
don't
need
to
change.
When
you
know
you
move
from
Crips
to
bcrypt
or
any
kind
of
whatever
your
password
implementation
happens
to
be
whatever
your
storage
is
that
it's
is
opaque
to
any
application
that
authenticates
users.
A
So
James,
you
know
if
I
understand
correctly
you're
saying
that
the
application
should
rising
the
Pam
api's
and
then
the
operator
can
swap
the
module
of
the
pan
so
that,
like
opera,
can't
just
switch
authentication
mechanism
am
I
in
a
strength
understand
correctly:
yes,
you're
understanding,
correctly.
Okay,.
C
So
the
opera,
so
all
the
application
has
to
do-
is
correctly
manipulate
the
Pam
API
and
you
can
support
all
all
authentication
mechanisms
from
history
and
future
pam
has
account
management,
which
does
things
which
deals
with
things
like
when
you're
allowed
to
log
in.
So
it's
all
the
non
authentication
aspects
about
your
account.
So,
for
example,
you
could
use
pay
an
account
management
to
implement
things
like
G
is
not
allowed
to
log
in
to
this
particular
terminal,
because
it's
restricted
for
some
policy
reason
right.
So
maybe
your
account
is
correct.
C
Your
password
is
correct,
but
for
some
administrative
reason
we're
not
gonna,
let
you
we're
not
gonna.
Allow
you
to
log
in
session
management
deals
with
such
many
facility
deals
with
how
we
should
construct
your
session,
so
the
very
common
module
is
Pam
make
home,
so
the
automatic
it
makes
your
session
management
module.
It
creates
your
home
directory
based
on
a
spec
on
demand.
C
Authentication
token
update
is
the
final
one
and
that's
all
about
how
do
we?
How
do
we
update
authentication
tokens?
So
if
LDAP
says
that
you
have
to
change
your
password,
how
do
we
change
your
password?
What
are
the
steps
in
the
mechanics
involved
in
that?
Well,
the
steps
depend
on
where
your
password
is
and
how
it's
stored
and
how
it's
encrypted
and
a
bunch
of
other
things
that
applications
really
shouldn't
need
to
know.
C
So
why
despair
make
sense
for
a
container,
Australia
I,
think
I
think
it
depends.
On
your
perspective,
one
perspective
that
we
could
have
about
containment
orchestration
is
that
a
container
is
a
user
session
on
a
remote
system.
If
we
think
about
a
container
as
being
a
user
session,
then
it
really
isn't
that
different
from
SSH
like
we're,
giving
you
orchestration
and
automation
and
we're
dealing
with
a
lot
of
little
resources
under
covers
for
you.
But
but
fundamentally
it's
like.
C
A
So
that's
why
I
kind
of
like
a
thought
see
it's
like
I,
think
well,
I'm
full
of
like
for
historical
reason
and
provides
a
lot
of
like
stuff
like
authentication
and
token
management,
and
things
like
that.
I
think
some
of
the
features
are
already
there
in
the
continuous
trailer
itself.
For
example,
as
you
mentioned,
ostentation
authorization,
it's
already,
building
the
container
up
straight
Iraq
may
suppose.
I
guess
like
we're.
A
C
For
example,
like
10
camels,
education
is
really
are
into
the
an
interactive,
interactive
authentication,
interactive,
logins
and
that
doesn't
really
make
sense
in
the
most
violent
way.
I
mean
cam
account
and
password
change
management
also
released
it's
so
tightly
coupled
to
the
publication,
but
it
also
doesn't
make
sense
but
I
think
if
we
think
about
it,
if
we,
if
we
can
see
running
a
container
as
being
analogous
to
a
user
session,
then
I
think
that
the
session
and
account
facilities
can
can
can
be
interesting.
So
you
have
a
couple
of
use
cases.
C
For
example,
I
am
my
back
burner.
I
have
a
proposal
to
do
auditing
or
if
it's
support
for
me
sauce
so
I
looked
into
your
Linux
audit
subsystem
and
one
of
the
things
you
can
do
my
little
heinous
Linux
or
its
subsystem
to
track.
You
say
a
distinct
order.
You
might
do
which
persists
across
Fork,
and
it's
linked
by
your
credential
from
your
real,
effective
and
safe
new
IDs
now
to
sit
that
order
to
idea.
C
You
have
to
manipulate
afar
and
rock,
but
there's
already
a
pen
model
that
does
this
and
it's
a
session
module.
So
as
an
operator
of
a
platform,
if
my
containers,
when,
if
each
of
my
containers
read
in
a
given
session,
I
could
just
apply
the
palm
loving,
you
I
gave
my
job
to
this
and
then
each
of
my
ten
and
then
that
would
automatically
set
up.
We
audit
UID
in
my
container
I'm.
C
C
It's
no
use
for
Commission's,
it's
just
use
for
order,
talent,
okay,
so
so
it's
kind
of
interesting
because
it
lets
you
save
it
lets
you
distinguish
between
well,
some
or
some
audit
user
use
a
later
on
switch
credentials
and
did
things
as
BCD,
but
I
still
know
it
was
originally
a
so
that's
kind
of
interesting
familiar
with
employment.
So.
A
C
C
C
C
Ever
use
cases
that
I
just
fill
up
on
stuff,
my
head
is
soak
em
in
feels
a
pen
module
that,
like
that
lets,
you
put
things
in
plea
into
the
child's
environment,
so
nice
has
already
had
missus
has
ways
already
to,
for
you
know
that
container
orchestrated
to
put
things
into
the
environment,
but
there's
no
way
for
the
platform
operator
to
inject
things
as
well.
So
this
case
is
where,
where
the
platform
operator
could
give
you
useful
together
containing
useful
information
in
the
environment.
A
There's
this
kind
of
interesting
likes,
I
think,
like
missus,
already
allowed
like
operator
to
specify
additional
environment
variable
for
as
pewter
enough
for
any
task
at
the
moment,
I
have
you
specified
or
late.
So
there
is
a
there
is
an
agent
flat,
leaf-like
and
security
environment
variables.
That's
how
you
specified
for
executors,
it's
a
special
file
for
that.
Yes,
there's
a
special
file
for
that.
But
I,
don't
remember.
If
there's
anyone
for
task
I,
don't
think
so
yeah
so
tasks,
not
sinful
nasty
container.
We
don't
have
things
like
this.
C
So
so
another
one
that
so
previously
in
this
form
ian
has
raised
me.
She
raised
the
a
desire
to
have
as
something
like
a
a
set
of
hooks
around
containers
or
a
very
simplified
kind
of
isolate
a
model
where
operators
can
do
things
around
the
container
lifecycle.
We
don't
write
my
isolator,
so
how
do
that
need
could
be
addressed
by
permanent
set?
The
pen
itself
is
a
session
facility
module
and
it
lets
you
run
arbitrary
programs
before
and
after
procession
it
so
there's
pretty
much
it's.
C
You
can
all
see
that
main
page,
so
an
exact,
let's
see
just
by
the
command.
But
let's
see
it
gets
the
dynamic
variables
from
pan
and
puts
it
into
the
amount
but
able
to
use
the
command
and-
and
it
lets
you
run
at
different,
different
facilities,
sorry
using
patterns,
if
you
can
run,
you
would
rather
run
a
program
for
a
container
starts
and
at
our
protein
other
containers
in
our
environment.
We
could
leverage
that
to
wire
containers
into
our
Splunk
luggage
blog
for
day.
But
you
know
this.
C
You
can
imagine
that
this
artifact
is
plenty
of
Connecticut,
so
these
use
cases
individually,
maybe
they're.
All
kind
of
bill
pretty
arbitrary
and
individually
they're.
All
just
little
things.
Where
is
the
big
picture?
Is
that
you
do
one
thing
we
do
you
make
one
change
in
the
way
missus
works.
It
does
open
up
a
wide
range
of
tweaks
that
you
can
do
to
your
containers
as
a
platform
operator,
and
you
can
take
advantage
of
a
lot
of
existing
facilities
that
you
know.
People
have
already
written
pen
models
for
yeah.
A
I
think
I
think
yeah
I
agree
with
you.
I
think
this
sounds
like
a
like
kind
of
like
an
extension
to
an
extension
like
like
right
now,
like,
although
the
container
Iser
allow
you
to
do
extension
using
Isolators,
but
on
this
one
allow
you
to
trade
facing
buildings,
basic
support,
foot
pad,
so
that,
like
people
can
use
an
arbitrary
time
modules
for
all
the
containers
for
any
inside
there.
So
yeah
I
think
like
for
some.
The
missing
features
that
people
already
have
time
module
for
equality
and
maybe
SELinux.
Then
we
can
directly
leverage
this
feature.
A
C
So
the
shared
lot
so
the
deployment
for
pair
modules
you
put
the
shared
libraries
in
the
host,
then
you
put
a
config
file
which
is
specific
to
an
application
context.
So
would
you
have
a
configuration
file
which
configures
a
different
set
of
em
modules
and
a
different
pen
workflow
but
may
sauce
then
for
PHP,
for
example,
I
see.
C
A
C
I'm
not
really
I,
think
I'm
not
really
expecting
people
to
write.
Nice
are
specific
pair
modules
and
multiplication
is
more
that
people
use
existing
and
modules
in
it
in
a
new
sauce
context.
Okay,
yeah,
one
of
the
things
that's
a
little
bit
sucky
about
pan
is
Pam,
has
a
notion
of
items
which
are
named
so
which
is
basically
key
value
pairs,
and
this
is
information
that
this
pass
is
stored
in
your
in
your
Pam
context
and
communicated
between
the
locations
of
the
modules.
C
The
crappy
thing
about
risk
is
that
they're
fixed,
so
there's
only
a
fixed
set
of
items
and
they're
sort
of
oriented
around
interactive
logins.
So
some
of
the
things
that
are
interesting
in
a
container
at
Orchestrator
context
are
difficult
to
kind
of
express
in
in
pan.
So
you
know:
what's
the
container
ID.
C
A
C
C
Looks
like
oh
so
G
is
logging
into
this
particular
batch
host
from
some
hostname,
and
we
can
pay
later
on
that.
Oh
okay,
you
came
from
this
IP
address
when
you
bought
it,
then
you
have
your
pan
water,
then
the
native
will
be
all
of
their
cook.
It's
a
split
and
G
logged
in
from
this
pan.
Our
host
is
this
IP
address
a
little
bit,
so
you
can
imagine.
Maybe
the
phrenic
ID
makes
sense
there.
C
There's
a
little
bit
of
pseudo
code
around
the
process
launch,
which
is
basically
critical
from
in
the
pan
application
examples.
So
we
might
see
and
you
the
code
works
like
the
disease,
you
start
up
paying
family
to
config
file
figures
out
what
the
workflow
is
going
to
be
for
the
modules
and
you
set
a
bunch
of
items
into
your
context.
This
is
the
information
back
and
we've
haven't
attended
alive,
so
food
baby
bears.
C
It
really
implies
that
you
know
we
have
a
process
that
waits
for
a
child.
We
can't
just
start
something
up
and
then
exec
the
child
and
forget
about
it.
Actually,
we
want
to
close
the
session.
We
want
to
tear
down
then
this
tightly
that
we've
constructed
we
might
want
to
be
water
doing
so
we
want
to
make
a
pretty
good
effort
to
do
the
other
one.
The
close
pilot
decision,
yeah.
C
Yeah,
what
happens?
There
is
very
much
specific
to
to
the
perm
module,
so
I
looked
at
the
code
for
some
of
them
and
replied
to
with
a
few
examples,
and
so
there's
a
module
called
Pam,
worn,
for
example,
which
emits
syslog
messages.
Just
goes,
oh
someone
logged
in
something's
done
and
if
you're,
depending
on
there
in
happen,
X
off
panics
off
with
like
a
stove,
cooking
fire
and
TTY
order,
teaching
whitewater,
it
removes
that
one
of
them
channels
for
me
to
do
I
come
on
in
so
that
would
fail
panky
ring.
C
If
you
have
people
using
kentuckians,
Pam
Kieran
would
would
leave
the
stove
heating
and
the
pail
on
last
log
that
latest
RW
to
a
tree.
So
Susie
there's
a
bunch
of
arbitrary
things
that
could
happen.
I
think
generally,
I
think
this
is
something
this
is
sort
of
something
that's
intrinsic
to
to
the
way
it
works
right.
Okay,
if
you
kill
minus
9,
it
says
HD.
When
none
of
these
things,
none
of
these
sessions
are
going
to
get
cleaned
up.
A
E
A
C
A
C
About
how
to
pick
the
process
management
needs
needs
to
work,
so
you
have
to
have
something
which
I'm
calling
family
so
veto
spam
session,
which
is
what
we
discuss
is
the
nanny
process.
There's
nanny
process
kind
of
just
sits
in
front
of
the
what's
currently,
that
makes
us
containerize
or
lunch
is
how
I
imagined
it
for
now.
A
Yeah,
just
sorry,
I
mean
I'm,
just
saying
it's
just
an
FYI
for
everybody
else.
I
had
a
chat
with
James
on
this
and
we're
trying
to
see
if
there's
a
way
to
remove
the
nanny
process,
because
I
think
mrs.
containerized
launches
itself
a
nanny
process
that
doing
signal
forwarding
and
and
wicked
basically
reading
that
from
the
practice
tree
and
sounds
like
Pam
session,
because
Pam
session
is,
we
try
to
see
if
there's
a
way
to
get
rid
of
that
just
have
one
single
nanny
process.
That's
all
the
jobs,
yeah.
C
I
think
that
would
be
pretty
desirable
if
we
can
kind
of
bundle,
those
together
in
some
way
yeah
so
I
thought
about
so
I
look
I'm,
pretty
hand-wavy
about
the
actual
implementation.
At
this
point,
but
I
did
write
down
in
here
in
the
process.
Man
requirements
basically
trying
to
express
the
background
of
what
I
think
process
management
needs
to
satisfy.
Mmm-Hmm.
A
C
C
We
can't
really
assume
anything
about
the
current
process
state,
so
that
implies
that
we
can't
run
this
in
the
metal
station,
for
example,
because
it's
dependent,
the
sessions
modules
have
modified
our
process
State
in
the
arbitrary
way,
and
where
is
it
still
good?
We
don't
really
know
because
we
need
to
open
and
close
a
session.
It
implies
that
we
have
to
have
some
kind
of
many
process
that
has
a
lifetime
greater
than
or
equal
to
agile.
C
We
need
to
run
on
the
agent
host
because
that's
where
the
pair
modules
are
trying
to
do
trying
to
say
I'll,
sometimes
pair
modules,
when
it's
at
a
container
just
seems
nuts.
So
we
really.
We
want
to
have
well-defined
semantics
for
this,
because
it's
for
operators
operator
zone
the
host,
not
the
container.
C
A
D
C
D
Okay,
yeah.
That
sounds
pretty
good
to
me.
I
think
one
of
my
initial
concerns
was
just
exposing
too
many
operating
system
level,
primitives
directly
via
maysa
api's.
If
it's
just
something
like
an
agent
flag,
it's
pretty
much
a
black
box,
it
can
be
switched
on
or
off
and
then
it
seems
like
all
the
configuration
would
reside
on
the
agents
themselves.
D
C
A
Yeah
I
think
this
yeah
I'll
say
this
is
useful
for
us
and
I
think
it's
definitely
useful
for
the
case,
where
I
like
the
operator
its
opportunity
about
something,
and
they
want
you
to
do
something.
Custom
has
tension
just
not
there
in
unity
missiles,
so
I
was
a
stencil
and
we
make
those
optional
things
that
we
can
turn
off.
If
people
don't
want
to
enable
that,
because
there
are
need
some
security
concern
like
how
do
you
make
sure
that
it's
a
module
is
lost,
yeah
I,
guess
like
like
who's
gonna
validate
the
module?
A
C
Everyone,
ships,
everyone,
ships
to
set
everyone,
ships
the
same
set
more
or
less
so
there's
three:
it's
really
only
three
implementations.
Apparently
it's
the
last
one,
there's
the
this
Linux
Pam
and
there's
open
pen.
So
Pam
is
one
of
those
things
that
everybody
uses
every
day,
but
no
one
actually
no
one
kind
of
realizes.
So
every
every
Linux.
C
Okay.
Let
me
back
off.
No,
let
me
back
that
off
a
little
bit.
Every
may
Automator
linux,
distros
use
pen
or
a
major
general
purpose.
Destroyers
pam
the
cloud
container
destroys
a
I'm,
not
actually
sure
so
stuff
like
Alpine
Linux.
Does
that
have
Pam
I'm,
not
sure
I'd
have
to
Google
ever.
A
E
C
C
I
imagined
it
as
a
kind
of
a
forwarding
launcher,
I
think
that's
an
implementation
choice,
but
okay,
okay,
I'm
intending
to
agree
with
Gina
I
think
doing
it
as
a
launcher
is
fairly
complex
because
you
want
to
be
a
launcher,
but
you
basically
want
to
also
retain
the
secret
semantics.
Probably
so
you
know,
if
you're
a
fan
won't
show,
you
don't
be
say,
want
to
be
incremental,
unix
launcher
or
the
project
or
treaters.
So
then
you
had
this
geared
forwarding
behavior.
Just
not
that
easy
to
understand.
A
A
Think
that
sounds
pretty
good.
I
think
I'm
pretty
happy
that
we
have
this
I'm
all
for
this
feature
and
for
the
exact
use
case
as
you
need
to
chat
with
some
security
folks
I
think
they
mentioned
some
selinux
integration
on
this,
but
I
still
need
to
chat
with
them,
see
what
exactly
the
SVSU
next
feature
they
are
expecting
from
this
feature,
but
I
think
in
general
I'm
up
for
this
and
for
some
simple
modules
like
auditing.
That's
definitely
useful.
A
C
A
Sir,
regarding
well
the
use
case
you
list
here
like
the
last
one,
exactly
an
arbitral
command
when
TAS
begin,
I'm,
not
sure
yeah,
yeah
I
think
this
to
me,
like
I'm,
still
more
in
favor
of
using
like
an
isolator
or
like
even
like,
allow
content
like
the
user
to
to
give
a
container
that
contains
command
that
allow
people
to
run
before
the
test
or
and
after
the
test,
and
things
like
that,
rather
than
like
rely
on
Pam
modules,
I
think
I'm,
shorter,
it's
okay,
but
I
think
long
term
I
think
we,
the
goal
is
trying
to
generally
move
those
features
to
be
things,
I
may
so
say,
anime
so
specific,
rather
than
just
like
an
arbitrary
Pam
module
which
is
written
for
some
different
purposing.
A
C
It
depends
on
the
audience
for
me,
so
she
uses
those
lots
of
interesting
use
cases
for
running
commands
in
containers.
You
know
before
your
main
tasks
and
after
your
main
tasks
and
I
guess,
the
current
is
pods
concept.
Lets
you
do
that
in
interesting
ways
and
as
a
user
I
can
really
take
advantage
of
that.
This
sort.
A
E
I
think
the
argument
is
still
on
for
even
using
the
isolator,
because
right
now,
I,
don't
think
user
things,
whether
to
speak
lights
or
framework,
slides
to
selectively
invoke
isolator
or
not.
So
any
estimate
has
one
Operator
enabled
on
they'll
be
in
the
electricity
executed.
I
can
relate
to
the
sort
of
each
container
yeah.
A
So
we
don't,
we
don't
allow
that
I
think
that's
a
deliberate
decision
that
we
don't
want
the
users
to
be
aware
of
isolator
I.
Think
isolated,
like
an
operator
choice,
we
do
have
like
some
eyes
on
I
do
allow
frame
once
you
make
some
tweaks
like,
for
example,
with
a
really
sharp
image,
makes
or
not
seems
like
this,
but
we
want
to
control
those
API.
So
we
don't
directly
exposed
to
what
Isolators
in
a
frame
we
can
use.
I
think
that's
too
much
for
a
provider
to
to
be
aware
of
I
was.
F
A
F
I
think
that's
a
pretty
important
aspect
of
the
design
that
it
might
make
sense
to
call
out
here
if
it's
not
already
called
out,
because
if
it's
consuming
host
resources,
I
wanna
know
and
if
it's
consuming
container
resources.
That
means
it's
constrained,
and
maybe
it's
not
a
different
network
at
that
point,
because
it's
been
isolated,
I,
don't
know
system
so.
C
A
A
C
C
When
we
what's
gonna
happen
is
you're,
gonna
run
some
command
and
it's
it's
gonna
run
in
the
host
map
containers
and
it's
very
quietly
in
the
container
I'm,
partly
not
I,
think
those
semantics
for
content
aggregation
should
be
well-defined
and
I.
Think
we've
come
to
the
way
Pam
works.
It
has
to
be
that
it's
on
the
house.
Ok,
yeah,.
C
A
Yeah,
so
if
that's
the
case,
then
I
think
we
need
to
do
something
restructure
of
any
process
to
make
sure
that
we
have
a
chance
to
run
something
in
the
host
environment
before
we
actually
entered
the
container
environment,
because
I
think
right
now
it's
in
the
code
coleus
like
within
any
process.
You
always
seen
the
container
context,
at
least
for
regarding
the
nominees
faces
or
other
names
this
that.
A
A
C
A
So
so
make
that
nanny
practice
outside
the
containers
in
space
made
the
user
test.
Let's
pick
one
so
that
make
that
optional.
So,
basically,
some
people
prefer,
like
I,
won
I,
don't
want
to
handle
like
reaping
sp1.
When
you
go.
Don't
have
that
logic,
so
sometimes
people
prefer
like
having
done
any
practice
for
one,
but
sometimes
people
prefer,
like
hey
I,
want
resistant
being
my
continued
I.
Don't
want
you
to
be
pill
one
otherwise.
I
cannot
run
my
container
so
so
we
want
to
support
those
use
cases.
What's.
C
A
C
A
A
All
right,
that's
cool,
I,
think
that's
very
useful
and,
like
articulate,
I
think
this
I
go.
We
don't
I
think
this
is
kind
of
a
deal
and
I
think
that's
good
enough
and
I
think.
Once
we
agree
on
the
implementation
plan,
we
can
just
start
working
on
that
yeah
I'll
be
I'll,
be
happy
to
share
this
work.
It's
pretty
interesting!
Oh
thanks.
C
A
No
I
think
that's
it
for
today's
working
group.
If
you
have
any
question,
feel
free
to
slaking
the
containerization
slack
channel
inmates
of
slack
or
sent
email
to
the
mailing
list,
I
think
we
don't
have
a
dedicating
list.
If
you
have
any
specific
question
about
containerization,
just
using
the
title
was
like
a
containerization
of
working
group,
just
like
I,
just
hope
for
those
reading
those
emails,
and
then
we
can
reply
to
you.
I
think
that's
approach
to
your
comment
that
every
single
conversation
should
be
public
in
the
mailing
list.
Okay,
sounds
good.
F
A
Maybe
it's
not
it's!
It's
very,
not
like
kind
of
a
major
concern,
because
I
think,
like
I,
think
only
operator
is
supposed
to
use
pan
modules
and,
if
opera
conflict
the
agent
wrong
or
can
fit
the
know
round
and
there's
nothing,
we
can
do
in
that
case.
I
think
we
always
trust
the
operator
to
do
the
right
thing.
A
A
There
will
be
cases
where
you
have
something
that
overriding
the
environment
rebel,
which
is
critical
for
things
like,
for
example,
in
the
process.
There
will
be
a
problem
so,
but
there's
nothing
that
and
I
mean
if
I'll
put
it
like
this,
a
militia
stand,
there's
nothing.
You
can
prevent
him
from
doing
the
wrong
things.